Thursday, May 30, 2013

BitCoin is a public ledger

BitCoin is not so much a "currency" as an "emergent phenomenon". It makes things possible that have nothing to do with money.

For example, let’s say that you have a screen-play for a movie. Before shopping it around in Hollywood, you want to prove that it’s yours, so that a greedy producer can't steal it. Using BitCoin, you can add the signature (and date) of your screen-play to the "block chain", the "public ledger" where all Bitcoin transactions are stored. Now, if producers get greedy, you can (in theory) pull out this proof in a court and sue them.

As another example, let’s say that you have a great idea for a patent, but it’s not quite ready. Well, write it up into a file, then add the file’s signature to the block chain. Years from now, if somebody beats you to the patent filing, you can prove that you had the idea ahead of time.

You don’t need to really know how this works. There’s a website called http://proofofexistence.com that takes care of this for you. Put whatever it is you want in a file, then sign the file using that site. Years from now, you can prove to somebody then that this file existed right now, today.

This is just one example of many emergent phenomena popping up around BitCoin. It’s not just about electronic currency, it’s about a lot of weird crypto concepts.

Example

The above discussion is basic. Below I show a real-world example of how to add something to the public ledger.

Today I submitted a short story to the “DefCon 21 Short Story Contest” only 12 hours before the deadline at midnight. I haven’t gotten confirmation back that they received my story, so I’m worried. If tomorrow comes and they claim they didn’t get it, then I’m out of luck -- they won’t accept it.

Therefore, using BitCoin, I want to prove that the story was ready today, and that if they didn’t get it, the problem is on their end.


The first step is to create a digital fingerprint of my file known as a “one-way hash”. This runs all the bytes of the file through a cryptographic algorithm producing a short string as a result. Any change to the file produces a different hash.

My story is 23-kilobytes long. I ran it through “openssl sha256” and got the following result as a hash:

cf612f9adce2fe262e91cfbfe5f81fd9e172cf9d480864d1e8f0dcdee36b3504

Any change to that file, no matter how insignificant, will completely change the hash. I added a single blank line to the file, and got the following new hash as a result. You can see how this new hash has no relationship to the original hash, even though the change was tiny.

3b8f7fe6bd2c9098f0985bf47964a829c1d66efd2c364871a0d4ee9eddc24da1

The “hash” is a form of “military grade crypto” (sic). That means I can’t cheat. I can’t put a hash into the ledger now, then later create a document that matches the hash. The only way to match that specific hash is to have the original file without even the tiniest of changes.


The second step, once I have the hash, is to convert it into a BitCoin “address” to receive coin. Actually, since the hash is so long, I create two addresses. I first split the hash into two parts:

cf612f9adce2fe262e91cfbfe5f81fd9e172cf9d
480864d1e8f0dcdee36b35040000000000000000

I then convert these into the equivalent BitCoin addresses:

1KuXJJqcWy8931RWCTrWgyr22txyELHPRD
17Zsi2TiKrZoAoaQ7bzt3wPB5NZV1T4KeE

Finally, I create a transaction where I send these two addresses the value of 0.0000001 – the smallest amount possible. In today’s value, that’s about a millicent (one thousandth of a penny).

The reason I’m sending such a small amount is that whatever I send will be destroyed. A bitcoin address is supposed to be the “public key” matching a “private key”. The private key is your bitcoin “wallet” that you use to create payments, while your public key is used to receive payments. However, in the above transaction, there are no private keys matching those two public keys, and hence, BitCoins sent to those addresses can never be spent again.

Once I make the payments, the full transaction appears in the BitCoin ledger. You can either download the entire ledger yourself (using special software and the BitCoin peer-to-peer protocol), or you can view it on websites, such as the website known as http://blockchain.info. If you click on this link, you’ll see a copy of the transaction, and the two addresses above that received the millicents.

Timestamping is a little difficult. Roughly every 10 minutes, recent transactions are combined into a “block”. Each new block has a numeric ID that is one greater than the previous one, which is why the ledger is called a “block chain”. My transaction is inside block #238764, which spread throughout the network around 9:30pm on May 30, 2013.


Now let’s say the contest organizers don’t get my story in the deadline, and doubt whether I’m being honest that I sent it. I can resend the story along with the block number, and say “See! It was ready on time.”. This still doesn’t prove I actually sent the story, of course, but it does prove the story existed at that time.
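The split-and-encode step above, together with the check a recipient would run against the ledger, as an added Python example (not the author's code). It assumes the standard Base58Check layout (version byte 0x00, 20-byte payload, 4-byte double-SHA-256 checksum) and the zero padding shown in the second half; the function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_encode(hash160, version=b"\x00"):
    """Encode version byte + 20-byte payload + 4-byte checksum as an address."""
    raw = version + hash160
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr):
    """Return the 20-byte payload; raise ValueError on a bad checksum or length."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body, check = raw[:-4], raw[-4:]
    good = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    if len(body) != 21 or check != good:
        raise ValueError("bad Base58Check address: " + addr)
    return body[1:]

def digest_to_addresses(digest):
    """Split a 32-byte SHA-256 digest into 20 + 12 bytes, zero-padding the second part."""
    parts = [digest[:20], digest[20:].ljust(20, b"\x00")]
    return [b58check_encode(p) for p in parts]

def addresses_match_file(data, addrs):
    """Verifier side: do the two ledger addresses commit to SHA-256(data)?"""
    payload = b"".join(b58check_decode(a) for a in addrs)
    digest = hashlib.sha256(data).digest()
    return payload == digest + b"\x00" * 8

# SHA-256 value quoted in the post for the story file.
PAGE_HASH = bytes.fromhex(
    "cf612f9adce2fe262e91cfbfe5f81fd9e172cf9d480864d1e8f0dcdee36b3504")

if __name__ == "__main__":
    print(digest_to_addresses(PAGE_HASH))
```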



Update: After completing this blogpost, I got confirmation from DefCon that they indeed have my story submission. :)


Update: My story is here, you can vote for it (number 13389) here.


16 comments:

Wim Coenen said...

The latest version (0.8.2) of the bitcoin reference client will not relay transactions that have a 0.0000001 output. The minimum is now 0.00005430.

http://www.btcpedia.com/bitcoin-qt-0-8-2-lower-fee/

vog said...

It's nice to see that this idea becomes more widespread. Some time ago I started a small JavaScript tool "Bitcoinproof" which performs the necessary calculations automatically for you:

http://vog.github.io/bitcoinproof/

vog said...

One more thing:

You don't need to split your SHA256 hash into two pieces. One transaction to one address is sufficient.

You just have to create the address in the same way in which Bitcoin generates an address for a public key:

Base58(RIPEMD160(SHA256(public key)))

So there's nothing wrong with doing it the same way for your story:

Base58(RIPEMD160(SHA256(story)))

(That's what I'm also using in Bitcoinproof)

Using this hash is not any "less secure" than the plain SHA256 hash, because the RIPEMD160+SHA256 combination is used by the Bitcoin network itself. So if this one is broken, the Bitcoin network itself is broken, and your timestamps would be no longer trustable anyway.

ivan said...

Please embed the hash in the public note (comment field) instead and don't send coins to random addresses. There is a valid reason new clients will not forward such payments. Each unspent output i.e. balance must remain live on all clients that wish to verify validity of blocks.

Anonymous said...

Good article. FYI patents are now decided on a first-to-file, rather than a first-to-invent basis.

Bernd said...

There exists no "comment" field in bitcoin. Using the destination address is the only way to encode data into the blockchain.

Anonymous said...

http://en.wikipedia.org/wiki/First_to_file_and_first_to_invent#The_USA.27s_change_to_first-inventor-to-file_.28FITF.29

Anonymous said...

Very good idea. Thanks for sharing.

James Barge said...

Wow! This is mind-BLOWING

Neha Agrawal said...

Bitcoin network is broken... Is that true?

Anonymous said...

There's also an academic paper that studies this idea:

Jeremy Clark and Aleksander Essex. CommitCoin: Commitments with Temporal Dispute Resolution using Bitcoin (Short Paper). Proceedings of the 16th Conference on Financial Cryptography and Data Security (FC 2012), 2012.

Christopher Franko said...

Wow this is a pretty nice idea, I think I'm going to add it FRK

Anonymous said...

There are a lot of other currencies you can do this with. What about PPcoin (PPC), for example.

Stephen said...

I would use the Namecoin blockchain, which allows for a 512kb metadata payload with each transaction.

Jon Stern said...

Minimum transaction fee is .0001 BTC. About 8c $USD. Most wallets won't allow smaller fees.

Also, it's pretty easy to create a paper wallet with an address at bitaddress.org. And that way you can encrypt the private keys. Good for storing private and confidential information.

You may not want to make a doc public, just need a safe place to store it.

Clayton Rabenda said...

Hm, I was also under the impression that arbitrary data could be inserted into a transaction....

https://en.bitcoin.it/wiki/Script

I have to admit I'm having trouble understanding the above page, but it seems that it should be possible...